My speech on the first day of Data Privacy Asia, being held September 19 and 20 in Manila, Philippines, is “Beyond Compliance: Ethics, Technology and Trust.” In the speech I’m going to explain how privacy depends upon, and impacts, ethics, trust and technology. I am also going to provide a dozen ways, which I have identified throughout the past couple of decades, in which addressing and implementing comprehensive privacy protection brings business value.
While those at the conference will get the benefit of my full speech, I am providing here a very high-level listing of those twelve reasons so that everyone can benefit from realizing that addressing privacy within any type of organization, and within all services and products that touch personal data in any way, brings many kinds of business value, and should not be brushed aside or minimized in importance.
1. To meet compliance requirements
This is the benefit that is most often touted, so I’ll start with it. Organizations that do not implement privacy protection face huge fines in the tens of millions of dollars (now the possibilities are even higher under the EU GDPR) and up to 20-year penalties for non-compliance with laws, regulations, standards and their own published privacy and security notices. Organizations also risk losing valuable business relationships by not complying with their contractual requirements for privacy protections.
2. To prevent breaches that hurt businesses
A principle that is common to all international privacy principles, and a requirement in all data protection and privacy legal requirements, is implementing strong security safeguards to protect personal data. Organizations that implement such controls will, as a result, reduce the number of security incidents that result in privacy breaches. Fewer breaches mean the business does not lose trust and then, as a result, lose customers or other types of business. It also means the business does not have to deal with fines, multi-year penalties, or civil suits as an aftereffect of breaches.
3. To prevent breaches that hurt data subjects / individuals
Privacy protections involve ensuring strong security for personal data and all the associated activities involved with collecting, storing, processing, accessing, transmitting, sharing and disposing of the data. Historically, organizations have not had comprehensive, strong data security controls implemented throughout the entire enterprise, through to every end-device. By implementing security controls for personal data, organizations will avoid breaches that negatively impact the data subjects. Consider, for example, the results from just one security solution that in Q2 2018 blocked 962,947,023 attacks launched from online resources located in 187 countries across the globe. Had they been successful, those attacks could have resulted in breaches of personal data that could have harmed the associated data subjects in practically unlimited ways. I have a friend who became a privacy lawyer as a result of her personal data being breached in the 1990s, a breach that resulted in identity fraud. She is still spending time and money counteracting the results of that fraud to this very day.
4. To maintain and improve brand value
A Forbes Insights report stated that 46% of organizations suffered damage to their reputation and brand value as a result of a privacy breach. Organizations that explicitly make clear that protecting the privacy of their consumers is a primary goal, care about their consumers’ privacy, and support meeting that goal with transparent and consistently followed privacy practices that demonstrate this care, will build emotional connections to their brand, which will improve brand value.
5. To strengthen and grow business
A Pew report found that it was important to 93% of Americans to have control over the entities and individuals who are allowed to get information about them, and 90% said that they wanted to control the specific types of information that was collected about them. These attitudes seem to be similar worldwide. Businesses that implement privacy protections, which provide such controls, will strengthen and grow their business, as they become preferred by consumers over their competitors which do not provide such controls.
6. To support ethics
Most organizations have established business ethics policies, or a code of ethics. Even those that haven’t still need to follow ethical practices if they expect to stay in business for any length of time. Such ethics policies typically indicate something to the effect that confidential information will be handled responsibly, not used in business activities in ways that do harm as a result, and used only as indicated for business purposes. Yet I’ve had the sales, marketing and legal areas of many of my clients throughout my entire career tell me that if there is not a law against using personal data, then they are not prohibited from using it in ways that will benefit their companies, even if it means it could expose the associated data subjects to unwanted communications, at the least, or result in identity fraud, or physical harm through locations being exposed, at the worst. Certainly, business ethics that claim they do not want to do harm are in conflict with such actions.